/[packages]/cauldron/shorewall/current/SPECS/shorewall.spec
ViewVC logotype

Contents of /cauldron/shorewall/current/SPECS/shorewall.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 333436 - (show annotations) (download)
Thu Dec 20 20:16:01 2012 UTC (11 years, 4 months ago) by kamil
File size: 15590 byte(s) 
- new version 4.5.10.1 and update ftp paths
1 %define debug_package %{nil}
2
3 %define version_major 4.5
4 %define version_minor 10.1
5 %define version %{version_major}.%{version_minor}
6 %define version_main %{version}
7 %define version_lite %{version}
8 %define ipv6_ver %{version}
9 %define ipv6_lite_ver %{version}
10 %define sha1sums_ver %{version}
11 %define ftp_ver %{version_major}.10
12 %define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}
13
14 %define name6 %{name}6
15
16 Summary: Iptables-based firewall for Linux systems
17 Name: shorewall
18 Version: %{version}
19 Release: %mkrel 9
20 License: GPLv2+ and LGPLv2.1+
21 Group: System/Servers
22 URL: http://www.shorewall.net/
23 Source0: %ftp_path/%{name}-%{version}.tar.bz2
24 Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
25 Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
26 Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
27 Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
28 Source5: %ftp_path/%{sha1sums_ver}.sha1sums
29 Patch0: %{name}-common-4.2.5-init-script.patch
30 Patch1: %{name}-lite-4.2.5-init-script.patch
31 Patch2: %{name6}-4.2.5-init-script.patch
32 Patch3: %{name6}-lite-4.2.5-init-script.patch
33 Patch4: %{name}-4.4.23-allow-netmask-0.patch
34 Requires: iptables >= 1.4.1
35 Requires: iproute2
36 Requires: dash
37 Requires(post): rpm-helper
38 Requires(preun): rpm-helper
39 Conflicts: shorewall < 4.0.7-1
40 BuildConflicts: apt-common
41 BuildArch: noarch
42 # since shorewall 4.4 we do not have common, shell and perl modules anymore
43 Obsoletes: shorewall-common
44 Obsoletes: shorewall-perl
45 Obsoletes: shorewall-shell
46
47 %description
48 The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
49 (iptables) based firewall that can be used on a dedicated firewall system,
50 a multi-function gateway/ router/server or on a standalone GNU/Linux system.
51
52 %package ipv6
53 Summary: IPv6 capable Shorewall
54 Group: System/Servers
55 Requires: %{name} = %{version}-%{release}
56 Requires: iptables-ipv6
57 Requires: iproute2
58 Requires(post): rpm-helper
59 Requires(preun): rpm-helper
60
61 %description ipv6
62 An IPv6 enabled and capable Shoreline Firewall.
63
64 %package ipv6-lite
65 Summary: Lite version of ipv6 shorewall
66 Group: System/Servers
67 Requires: %{name}-ipv6 = %{version}-%{release}
68 Requires(post): rpm-helper
69 Requires(preun): rpm-helper
70
71 %description ipv6-lite
72 Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
73 network administrators to centralize the configuration of Shorewall-based
74 firewalls.
75
76 %package lite
77 Summary: Lite version of shorewall
78 Group: System/Servers
79 Requires: %{name} = %{version}-%{release}
80 Requires(post): rpm-helper
81 Requires(preun): rpm-helper
82
83 %description lite
84 Shorewall Lite is a companion product to Shorewall that allows network
85 administrators to centralize the configuration of Shorewall-based firewalls.
86
87 %package doc
88 Summary: Firewall scripts
89 Group: System/Servers
90
91 %description doc
92 The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
93 (iptables) based firewall that can be used on a dedicated firewall system,
94 a multi-function gateway/ router/server or on a standalone GNU/Linux system.
95
96 This package contains the docs.
97
98 %prep
99 %setup -q -c -n %{name}-%{version}
100 %setup -q -T -D -a 1
101 %setup -q -T -D -a 2
102 %setup -q -T -D -a 3
103 %setup -q -T -D -a 4
104
105 pushd %{name}-%{version_main}
106 %patch0 -p1 -b .init
107 %patch4 -p1 -b .allow-netmask-0
108 popd
109
110 pushd %{name}-lite-%{version_lite}
111 %patch1 -p1 -b .initlite
112 popd
113
114 pushd %{name6}-%{ipv6_ver}
115 %patch2 -p1 -b .init6
116 popd
117
118 pushd %{name6}-lite-%{ipv6_lite_ver}
119 %patch3 -p1 -b .init6lite
120 popd
121
122 %build
123 # (tpg) we do nothing here
124
125 %install
126 export PREFIX=%{buildroot}
127 export OWNER=`id -n -u`
128 export GROUP=`id -n -g`
129 export DEST=%{_initrddir}
130
131 pushd %{name}-%{version_main}
132 export CONFDIR=%{_sysconfdir}/%{name}
133 # (blino) enable startup (new setting as of 2.1.3)
134 perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
135
136 # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
137 perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
138
139 # blank Internal option
140 perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
141
142 # (tpg) use perl compiler
143 perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' configfiles/%{name}.conf
144
145 # (tpg) do the optimizations
146 perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
147
148 # (tpg) enable IPv6
149 perl -pi -e 's#DISABLE_IPV6=.*#DISABLE_IPV6=No#' configfiles/%{name}.conf
150
151 # (tpg) set config path
152 perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
153
154 # (lmenut) mga kernel modules are compressed by default (mga #1147)
155 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
156
157 # (alien) have accounting by default in the mangle table
158 perl -pi -e 's#ACCOUNT_TABLE=.*#ACCOUNT_TABLE=mangle#' configfiles/%{name}.conf
159
160 # let's do the install
161 ./install.sh
162 popd
163
164 #(tpg) IPv6
165 pushd %{name6}-%{ipv6_ver}
166 # (blino) enable startup (new setting as of 2.1.3)
167 perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
168 # Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
169 perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
170 # (lmenut) mga kernel modules are compressed by default (mga #1147)
171 perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
172
173 ./install.sh
174 popd
175
176 pushd %{name6}-lite-%{ipv6_lite_ver}
177 ./install.sh
178 popd
179
180 pushd %{name}-lite-%{version_lite}
181 ./install.sh
182 popd
183
184 # Suppress automatic replacement of "echo" by "gprintf" in the shorewall
185 # startup script by RPM. This automatic replacement is broken.
186 export DONT_GPRINTIFY=1
187
188 #(tpg) looks like these files are needed
189 touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
190 touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
191
192 #(tpg) ipv6
193 touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
194 touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall
195
196 #(tpg) remove hash-bang
197 find %{buildroot} -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
198
199 # (tpg) let's use dash everywhere!
200 find %{buildroot} -type f -exec sed -i -e 's@/bin/sh@/bin/dash@' {} \;
201
202 # add information about 4.4.0 upgrade
203 cat > README.4.4.0.upgrade.urpmi << EOF
204 As of shorewall 4.4.0, the shorewall-common and shorewall-perl packages
205 were merged into a single shorewall package. Other notable changes in 4.4.0
206 version are:
207 - The support for shorewall-shell has been discontinued
208 - Support for SAME target in /etc/shorewall/masq and /etc/shorewall/rules
209 has been removed.
210 - Support for norfc1918 and RFC1918_STRICT have been removed.
211 - The name 'any' is now reserved and may not be used as a zone name.
212
213 If you were relying on those options, please review your shorewall
214 configuration. Refer to the /usr/share/doc/shorewall/releasenotes.txt file
215 for further instructions.
216 EOF
217
218 #remove unused files because of %exclude misbehaviour
219 rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
220 rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*
221
222 %post
223 if [ "$1" -ge 1 ] ; then
224 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
225 perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
226 fi
227 %_post_service shorewall
228
229 %create_ghostfile %{_var}/lib/%{name}/chains root root 644
230 %create_ghostfile %{_var}/lib/%{name}/nat root root 644
231 %create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
232 %create_ghostfile %{_var}/lib/%{name}/restarted root root 644
233 %create_ghostfile %{_var}/lib/%{name}/zones root root 644
234 %create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
235 %create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
236 %create_ghostfile %{_var}/lib/%{name}/state root root 644
237 %create_ghostfile %{_var}/lib/%{name}/.modules root root 644
238 %create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
239 %create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
240 %create_ghostfile %{_var}/lib/%{name}/.restart root root 700
241 %create_ghostfile %{_var}/lib/%{name}/.restore root root 700
242 %create_ghostfile %{_var}/lib/%{name}/.start root root 700
243
244 %preun
245 %_preun_service %{name}
246 if [ $1 = 0 ] ; then
247 rm -f %{_sysconfdir}/%{name}/startup_disabled
248 rm -f %{_var}/lib/%{name}/*
249 fi
250
251 %post lite
252 %_post_service %{name}-lite
253 %create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644
254
255 %preun lite
256 %_preun_service %{name}-lite
257
258 %post ipv6
259 if [ $1 > 1 ] ; then
260 perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
261 perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
262 fi
263 %_post_service %{name6}
264
265 %create_ghostfile %{_var}/lib/%{name6}/chains root root 644
266 %create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
267 %create_ghostfile %{_var}/lib/%{name6}/zones root root 644
268 %create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
269 %create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
270 %create_ghostfile %{_var}/lib/%{name6}/state root root 644
271 %create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
272 %create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
273 %create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
274 %create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
275 %create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
276 %create_ghostfile %{_var}/lib/%{name6}/.start root root 700
277
278 %preun ipv6
279 %_preun_service %{name6}
280 if [ $1 = 0 ] ; then
281 rm -f %{_sysconfdir}/%{name6}/startup_disabled
282 rm -f %{_var}/lib/%{name6}/*
283 fi
284
285 %post ipv6-lite
286 %_post_service %{name6}-lite
287 %create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644
288
289 %preun ipv6-lite
290 %_preun_service %{name6}-lite
291
292 %files
293 %doc README.4.4.0.upgrade.urpmi %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
294 %dir %{_sysconfdir}/%{name}
295 %dir %{_datadir}/%{name}
296 %dir %attr(755,root,root) %{_var}/lib/%{name}
297 %ghost %{_var}/lib/%{name}/*
298 %ghost %{_var}/lib/%{name}/.??*
299 %config %{_sysconfdir}/logrotate.d/%{name}
300 %attr(700,root,root) %{_initrddir}/%{name}
301 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
302 %attr(755,root,root) /sbin/%{name}
303 %{_datadir}/%{name}/action*
304 %{_datadir}/%{name}/configpath
305 %{_datadir}/%{name}/functions
306 %{_datadir}/%{name}/getparams
307 %{_datadir}/%{name}/helpers
308 %{_datadir}/%{name}/lib.*
309 %{_datadir}/%{name}/macro.*
310 %{_datadir}/%{name}/modules*
311 %{_datadir}/%{name}/version
312 %{_datadir}/%{name}/wait4ifup
313 %{_mandir}/man5/%{name}-accounting.5.*
314 %{_mandir}/man5/%{name}-actions.5.*
315 %{_mandir}/man5/%{name}-blacklist.5.*
316 %{_mandir}/man5/%{name}-ecn.5.*
317 %{_mandir}/man5/%{name}-exclusion.5.*
318 %{_mandir}/man5/%{name}-hosts.5.*
319 %{_mandir}/man5/%{name}-interfaces.5.*
320 %{_mandir}/man5/%{name}-ipsets.5.*
321 %{_mandir}/man5/%{name}-maclist.5.*
322 %{_mandir}/man5/%{name}-masq.5.*
323 %{_mandir}/man5/%{name}-modules.5.*
324 %{_mandir}/man5/%{name}-nat.5.*
325 %{_mandir}/man5/%{name}-nesting.5.*
326 %{_mandir}/man5/%{name}-notrack.5.*
327 %{_mandir}/man5/%{name}-netmap.5.*
328 %{_mandir}/man5/%{name}-params.5.*
329 %{_mandir}/man5/%{name}-policy.5.*
330 %{_mandir}/man5/%{name}-providers.5.*
331 %{_mandir}/man5/%{name}-proxyarp.5.*
332 %{_mandir}/man5/%{name}-route_rules.5.*
333 %{_mandir}/man5/%{name}-routes.5.*
334 %{_mandir}/man5/%{name}-routestopped.5.*
335 %{_mandir}/man5/%{name}-rules.5.*
336 %{_mandir}/man5/%{name}-secmarks.5.*
337 %{_mandir}/man5/%{name}-tcclasses.5.*
338 %{_mandir}/man5/%{name}-tcinterfaces.5.*
339 %{_mandir}/man5/%{name}-tcpri.5.*
340 %{_mandir}/man5/%{name}-tcdevices.5.*
341 %{_mandir}/man5/%{name}-tcfilters.5.*
342 %{_mandir}/man5/%{name}-tcrules.5.*
343 %{_mandir}/man5/%{name}-tos.5.*
344 %{_mandir}/man5/%{name}-tunnels.5.*
345 %{_mandir}/man5/%{name}-vardir.5.*
346 %{_mandir}/man5/%{name}-zones.5.*
347 %{_mandir}/man5/%{name}.conf.5.*
348 %{_mandir}/man8/%{name}.8.*
349 %{_mandir}/man8/%{name}-init.8.*
350 %dir %{_datadir}/shorewall/Shorewall
351 %{_datadir}/shorewall/Shorewall/*.pm
352 %{_datadir}/shorewall/compiler.pl
353 %{_datadir}/shorewall/prog.footer
354 %{_datadir}/shorewall/prog.header
355
356
357 %files ipv6
358 %doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
359 %dir %{_sysconfdir}/%{name6}
360 %dir %{_datadir}/%{name6}
361 %dir %attr(755,root,root) %{_var}/lib/%{name6}
362 %ghost %{_var}/lib/%{name6}/*
363 %ghost %{_var}/lib/%{name6}/.??*
364 %attr(700,root,root) %{_initrddir}/%{name6}
365 %config(noreplace) %{_sysconfdir}/%{name6}/*
366 %config %{_sysconfdir}/logrotate.d/%{name6}
367 %attr(755,root,root) /sbin/%{name6}
368 %{_datadir}/%{name6}/action*
369 %{_datadir}/%{name}/prog.footer6
370 %{_datadir}/%{name}/prog.header6
371 %{_datadir}/%{name6}/configpath
372 %{_datadir}/%{name6}/functions
373 %{_datadir}/%{name6}/helpers
374 %{_datadir}/%{name6}/lib.*
375 %{_datadir}/%{name6}/macro.*
376 %{_datadir}/%{name6}/modules*
377 %{_datadir}/%{name6}/version
378 %{_datadir}/%{name6}/wait4ifup
379 %{_mandir}/man5/%{name6}-accounting.5.*
380 %{_mandir}/man5/%{name6}-actions.5.*
381 %{_mandir}/man5/%{name6}-blacklist.5.*
382 %{_mandir}/man5/%{name6}-exclusion.5.*
383 %{_mandir}/man5/%{name6}-hosts.5.*
384 %{_mandir}/man5/%{name6}-interfaces.5.*
385 %{_mandir}/man5/%{name6}-ipsets.5.*
386 %{_mandir}/man5/%{name6}-maclist.5.*
387 %{_mandir}/man5/%{name6}-modules.5.*
388 %{_mandir}/man5/%{name6}-nesting.5.*
389 %{_mandir}/man5/%{name6}-notrack.5.*
390 %{_mandir}/man5/%{name6}-params.5.*
391 %{_mandir}/man5/%{name6}-policy.5.*
392 %{_mandir}/man5/%{name6}-providers.5.*
393 %{_mandir}/man5/%{name6}-proxyndp.5.*
394 %{_mandir}/man5/%{name6}-route_rules.5.*
395 %{_mandir}/man5/%{name6}-routes.5.*
396 %{_mandir}/man5/%{name6}-routestopped.5.*
397 %{_mandir}/man5/%{name6}-rules.5.*
398 %{_mandir}/man5/%{name6}-secmarks.5.*
399 %{_mandir}/man5/%{name6}-tcclasses.5.*
400 %{_mandir}/man5/%{name6}-tcdevices.5.*
401 %{_mandir}/man5/%{name6}-tcfilters.5.*
402 %{_mandir}/man5/%{name6}-tcinterfaces.5.*
403 %{_mandir}/man5/%{name6}-tcpri.5.*
404 %{_mandir}/man5/%{name6}-tcrules.5.*
405 %{_mandir}/man5/%{name6}-tos.5.*
406 %{_mandir}/man5/%{name6}-tunnels.5.*
407 %{_mandir}/man5/%{name6}-vardir.5.*
408 %{_mandir}/man5/%{name6}-zones.5.*
409 %{_mandir}/man5/%{name6}.conf.5.*
410 %{_mandir}/man8/%{name6}.8.*
411
412 %files lite
413 %doc %{name}-lite-%{version_lite}/*.txt
414 %dir %{_datadir}/%{name}-lite
415 %dir %attr(755,root,root) %{_var}/lib/%{name}-lite
416 %ghost %{_var}/lib/%{name}-lite/*
417 %attr(700,root,root) %{_initrddir}/%{name}-lite
418 %config(noreplace) %{_sysconfdir}/%{name}-lite/*
419 %config %{_sysconfdir}/logrotate.d/%{name}-lite
420 %attr(755,root,root) /sbin/%{name}-lite
421 %{_datadir}/%{name}-lite/configpath
422 %{_datadir}/%{name}-lite/functions
423 %{_datadir}/%{name}-lite/helpers
424 %{_datadir}/%{name}-lite/lib.*
425 %{_datadir}/%{name}-lite/modules*
426 %{_datadir}/%{name}-lite/shorecap
427 %{_datadir}/%{name}-lite/version
428 %{_datadir}/%{name}-lite/wait4ifup
429 %{_mandir}/man5/%{name}-lite*
430 %{_mandir}/man8/%{name}-lite*
431
432 %files ipv6-lite
433 %doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
434 %dir %{_datadir}/%{name6}-lite
435 %dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
436 %ghost %{_var}/lib/%{name6}-lite/*
437 %attr(700,root,root) %{_initrddir}/%{name6}-lite
438 %config(noreplace) %{_sysconfdir}/%{name6}-lite/*
439 %config %{_sysconfdir}/logrotate.d/%{name6}-lite
440 %attr(755,root,root) /sbin/%{name6}-lite
441 %{_datadir}/%{name6}-lite/configpath
442 %{_datadir}/%{name6}-lite/functions
443 %{_datadir}/%{name6}-lite/helpers
444 %{_datadir}/%{name6}-lite/lib.*
445 %{_datadir}/%{name6}-lite/modules*
446 %{_datadir}/%{name6}-lite/shorecap
447 %{_datadir}/%{name6}-lite/version
448 %{_datadir}/%{name6}-lite/wait4ifup
449 %{_mandir}/man5/%{name6}-lite*
450 %{_mandir}/man8/%{name6}-lite*
451
452 %files doc
453 %doc %{name}-docs-html-%{version}/*
  ViewVC Help
Powered by ViewVC 1.1.30